You can use the Jython scripting language to manage your certificate authority (CA) client configurations with the wsadmin tool. Use the commands and parameters in the CAClientCommands group to create, modify, query, and remove connections to a third-party CA server.
The createCAClient command creates a new CA client object in your configuration. The application server connects to a CA server through the WSPKIClient() implementation, which handles all connections and communications with the CA server.
Target object
None.
Required parameters
Optional parameters
Return value
The command returns the object name of the CA client that the system creates.
Batch mode example usage
AdminTask.createCAClient('[-caClientName clientObj01 -pkiClientImplClass
com.ibm.wsspi.ssl.WSPKIClient -host machine011 -port 9022
-userName admin -password pw4admin]')
AdminTask.createCAClient(['-caClientName', 'clientObj01', '-pkiClientImplClass',
'com.ibm.wsspi.ssl.WSPKIClient', '-host', 'machine011', '-port', '9022',
'-userName', 'admin', '-password', 'pw4admin'])
Interactive mode example usage
AdminTask.createCAClient('-interactive')
The modifyCAClient command modifies your existing CA client object configuration data. You can modify one or multiple configuration attributes for a specific CA client.
Target object
None.
Required parameters
Optional parameters
Return value
Batch mode example usage
AdminTask.modifyCAClient('[-caClientName myCAClient -port 4060 -userName admin -password password4admin]')
AdminTask.modifyCAClient(['-caClientName', 'myCAClient', '-port', '4060', '-userName', 'admin', '-password', 'password4admin'])
Interactive mode example usage
AdminTask.modifyCAClient('-interactive')
The getCAClient command displays a list of attributes for a specific CA client.
Target object
None.
Required parameters
Optional parameters
Return value
'[ [backupCAs ] [managementScope (cells/myCell01|security.xml#ManagementSc ope_1)] [scopeName (cell):myCell01] [name myCAClient] [baseDn ] [_Websphe re_Config_Data_Id cells/myCell01|security.xml#CAClient_1181834566882] [por t 2951] [CACertificate ] [pkiClientImplClass com.ibm.wsspi.ssl.WSPKIClient] [u serId ] [_Websphere_Config_Data_Type CAClient] [retryCheck 0] [properties ] [fre quencyCheck 0] [password ] [host ] ]'
Batch mode example usage
print AdminTask.getCAClient('-caClientName myCAClient')
print AdminTask.getCAClient('-caClientName', 'myCAClient')
Interactive mode example usage
print AdminTask.getCAClient('-interactive')
The deleteCAClient command removes the CA client object of interest from your configuration. Use the -caClientName parameter to specify the CA client to delete. You can optionally specify the management scope of the CA client object with the scopeName parameter.
Target object
None.
Required parameters
Optional parameters
Return value
The command does not return output if the system successfully removes the CA client of interest. If you receive an error message, verify that the CA client object of interest exists in your configuration and that it is not referenced by a certificate object in your security configuration.
Batch mode example usage
AdminTask.deleteCAClient('[-caClientName myCAClient]')
AdminTask.deleteCAClient(['-caClientName', 'myCAClient'])
Interactive mode example usage
AdminTask.deleteCAClient('-interactive')
The listCAClients command lists all CA clients in your configuration or within a specific scope. If you do not provide a value for the -scopeName parameter, the command queries the cell if you use a deployment manager profile or queries the node if you use an application server profile. Use the -all parameter to query your environment without using a specific scope.
Target object
None.
Optional parameters
Return value
'[ [backupCAs ] [managementScope (cells/myCell01|security.xml#ManagementScope_1) ] [scopeName (cell):myCell01] [name jenCAClient] [baseDn ] [_Websphere_Config_Da ta_Id cells/myCell01|security.xml#CAClient_1181834566881] [port 2950] [CACertifi cate ] [pkiClientImplClass com.ibm.wsspi.ssl.WSPKIClient] [userId ] [_Webspher e_Config_Data_Type CAClient] [retryCheck 0] [properties ] [frequencyCheck 0] [pa ssword ] [host ] ]' '[ [backupCAs ] [managementScope (cells/myCell01|security.xml#ManagementScope_1) ] [scopeName (cell):myCell01] [name myCAClient] [baseDn ] [_Websphere_Config_Dat a_Id cells/myCell01|security.xml#CAClient_1181834566882] [port 2951] [CACertific ate ] [pkiClientImplClass com.ibm.wsspi.ssl.WSPKIClient] [userId ] [_Websphere _Config_Data_Type CAClient] [retryCheck 0] [properties ] [frequencyCheck 0] [pas sword ] [host ] ]'
Batch mode example usage
print AdminTask.listCAClients('-all true')
print AdminTask.listCAClients('-all', 'true')
Interactive mode example usage
print AdminTask.listCAClients('-interactive')